News

Document Management System Security

DocuWare is one of the world’s most secure EDM solutions, and is the only one that is certified by the FDA for security. DocuWare controls access through the following:

Profiles – These are setup against each cabinet and assign the rights to see and amend information within a cabinet

Groups – These are groups of functions that users can complete which are combined with profiles and integrated with the Active Directory. Users who are added to these groups will then receive functional and permissions access rights

Active Directory Integration – The system is fully integrated with Active Directory to ensure either single sign on or silent single sign on

Authentication Server – This handles the issuing of tokens to every user on login. As their rights change this will be reflected on login. No access to the system can happen unless through this server. This server will record all access to the system to the SQL tables for reporting

The following can be controlled in DocuWare:

Access to cabinets

Functional access (Read, write, download, annotate etc.)

Conditional access based on information held in other systems or within the indexing fields

Access to search and store dialogs to control the user experience

Other DocuWare Security Notes:

All security groups are administered through the admin portal and then the Active Directory once set up

Security options are flexible and any type of security access control can be created

Documents accessed via any portal (Web, mobile or Windows Explorer client) will be encrypted and secure

All documents saved in DocuWare are automatically encrypted using the AES (Advanced Encryption Standard) encryption process. AES is the successor to DES (Data Encryption Standard). AES is currently one of the most secure symmetric encryption processes. It is approved for use by the US government as the US encryption standard for documents with the highest security clearance level (top secret) and meets the strictest security requirements. An asymmetric key pair is generated for each file cabinet. The private key is used to encrypt the symmetric keys that are created when the documents in a file cabinet are encrypted. The private key for a file cabinet is, in turn, encrypted using a master key. DocuWare relies on the use of AES-256 with the maximum key length of 256 bit for maximum protection when encrypting. A key length of 4096 bits is used for the encryption of symmetric keys. A new symmetric key is generated for each document. This increases security, as there would only be a relatively small-encrypted data set available for a potential attempt at decryption.